Dear reader,
The following security fixes were made:
OTRS Security Advisory 2024-01
ID: OSA-2024-01
Date: 2024-01-29
Title: Missing file type check in avatar picture upload
Severity: 3.5 LOW
Product: OTRS 7.0.x, OTRS
Fixed in: OTRS 7.0.49, OTRS 2024.1.1
FULL CVSS v3.1 VECTOR: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N
References: CVE-2024-23790

OTRS Security Advisory 2024-02
ID: OSA-2024-02
Date: 2024-01-29
Title: Unnecessary data is written to the log if issues occur during indexing
Severity: 4.9 MEDIUM
Product: OTRS 7.0.x, OTRS
Fixed in: OTRS 7.0.49, OTRS 2024.1.1
FULL CVSS v3.1 VECTOR: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
References: CVE-2024-23791

OTRS Security Advisory 2024-03
ID: OSA-2024-03
Date: 2024-01-29
Title: Insufficient access control
Severity: 5.3 MEDIUM
Product: OTRS 7.0.x, OTRS
Fixed in: OTRS 7.0.49, OTRS 2024.1.1
FULL CVSS v3.1 VECTOR: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N
References: CVE-2024-23792

OTRS Security Advisory 2024-04
ID: OSA-2024-04
Date: 2024-01-29
Title: A cross-site scripting (XSS) vulnerability in the HTML Data Processor in CKEditor
Severity: 6.1 MEDIUM
Product: OTRS 7.0.x, OTRS
Fixed in: OTRS 7.0.49, OTRS 2024.1.1, OTRSAdvancedEditor 7.0.33, OTRSAdvancedEditor 2024.1.1
FULL CVSS v3.1 VECTOR: OTRSAdvancedEditor 2024.1.1
References: CVE-2021-33829

To read the entire Security Advisory/Advisories, please follow this link:

Kind regards,
Your OTRS release team